Various security-related flaws were fixed in getmail versions 4.44, 4.45, and 4.46 [1]. The version of getmail in epel-6 is: getmail-4.40.1-1.el6. CVEs for these issues were requested at [2].

Fedora and EPEL-7 ship getmail-4.46 and are thus not affected.

[1] http://pyropus.ca/software/getmail/CHANGELOG
[2] http://seclists.org/oss-sec/2014/q4/134

MITRE assigned [1] three CVEs for these issues:

CVE-2014-7273: Getmail 4.0.0 through 4.43.0 allows IMAP MITM with an arbitrary certificate
CVE-2014-7274: Getmail 4.44.0 allows IMAP MITM with a valid/recognized certificate for an arbitrary hostname
CVE-2014-7275: Getmail 4.0.0 through 4.44.0 allows POP MITM with an arbitrary certificate

[1] http://seclists.org/oss-sec/2014/q4/199

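
The CVE descriptions above name two distinct client-side TLS failure modes: accepting an arbitrary certificate, and accepting a valid certificate issued for a different hostname. The following is an added example, not getmail's code and not part of the original report; it shows both weak configurations beside a verified one using Python's standard `ssl`, `imaplib` and `poplib` modules, with an audit check that refuses to connect over a weak context. All function names are illustrative assumptions.

```python
import imaplib
import poplib
import ssl

def no_verification_context():
    """No certificate checks: the class described by CVE-2014-7273/-7275."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    """Chain is validated, name is not: the class described by CVE-2014-7274."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_default_certs()
    return ctx

def verified_context():
    """Chain validation against system CAs plus hostname matching."""
    return ssl.create_default_context()

def audit(ctx):
    """Classify a client context by what a man-in-the-middle could present."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "accepts arbitrary certificate"
    if not ctx.check_hostname:
        return "accepts valid certificate for arbitrary hostname"
    return "verifies chain and hostname"

def _require_verified(ctx):
    finding = audit(ctx)
    if finding != "verifies chain and hostname":
        raise ValueError("refusing to connect: context " + finding)
    return ctx

def connect_imap(host, ctx=None):
    """IMAP over TLS; the handshake fails on an untrusted or mismatched cert."""
    ctx = _require_verified(ctx or verified_context())
    return imaplib.IMAP4_SSL(host, ssl_context=ctx)

def connect_pop(host, ctx=None):
    """POP3 over TLS with the same verification requirements."""
    ctx = _require_verified(ctx or verified_context())
    return poplib.POP3_SSL(host, context=ctx)
```
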
getmail-4.46.0-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.